The general problem is to provide a device capable of transmitting in a secure manner a set of high visual quality films in an MPEG type format directly to a television screen and/or to be recorded on the hard disk of a box connecting the remote transmission network to the television screen, while preserving the audiovisual quality but preventing any fraudulent use such as the possibility of making pirate copies of films or audiovisual programs recorded on the hard disk of the decoder box.
This disclosure also enables complete control of the use of the copies and the rights of the broadcast works.
With the presently available solutions, it is possible to transmit films and audiovisual programs in digital form via broadcast networks of the airwaves, cable, satellite, etc. type or via DSL (Digital Subscriber Line) type telecommunication networks or LRL (local radio loop) networks or via DAB (Digital Audio Broadcasting) networks. Moreover, in order to prevent pirating of works broadcast in this manner, these works are often encrypted by various means well known to the expert in the field.
However, the principal disadvantage of all of the presently available solutions (TiVo Inc., WO 01/65762) is that it is necessary to transmit not only the encrypted data to the users but also the decryption keys. Transmission of the decryption keys can be performed prior to, at the same time as or after transmission of the audiovisual programs. In order to increase the security and thus the protection of the audiovisual works against ill-intentioned use, the decryption keys as well as the decryption functions of the audiovisual decoders can comprise enhanced security means such as smart cards or other physical keys that can optionally be updated remotely.
Thus, the presently available solutions applied to a decoder box with the ability of local recording of audiovisual programs in digital form on a support of any type such as a hard disk or other type of memory provides an ill-intentioned user the possibility of making unauthorized copies of the programs recorded in this manner because at any given moment this user has with his digital decoder box associated or not with smart card systems all of the information, software programs and data enabling the complete decryption of the audiovisual programs. Precisely because of the fact that he possesses all of the data, the ill-intentioned user would have the possibility of making illegal copies without anybody becoming aware of this fraudulent copying when it is performed.
One solution would therefore consist of transmitting all or part of a digital audiovisual program solely on demand (on demand video services) via a broad-band telecommunication network of the DSL, cable or satellite type without authorizing the local recording of the audiovisual programs. The disadvantage here is completely different and stems from the performances of these network which do not make it possible to guarantee continuous streams of several megabits per second to each user as required by MPEG streams which require pass bands from several hundreds of kilobits to many megabits per second.
Under these conditions, one solution consists of separating the stream into two parts neither of which could be used by itself. Many patents have been filed in the context of this approach. We thus know from document WO 99/08428 (Gilles Maton) a method for the multi-application processing of a localizable active terminal in which there is implemented at least one link with an identifiable program dedicated to the execution of an application, said program dictating its operating conditions to the terminal for the setting up of its functions. The terminal dialogues in a multi-role manner with the management center for the implementation, if necessary, of the inputs and outputs of the capacities of this center with the management center optionally becoming the slave of the terminal at the application level in relation to the incoming program. This disclosure also pertains to the method for the identification of the program and the terminal in operating mode. This method of the prior art divides the stream into a part used for identifying the user and a part that contains the actual program itself. In particular, said program is not unusable but merely made inaccessible by the first part.
In addition, document EP 0778513 (Matsushita) describes a method enabling prevention of illegal use of an information unit by adding to it a control information unit in order to verify the rights of the user. The system makes it possible to remain permanently informed as to which part of the information unit is used and by which user and thereby to be informed as to whether or not this user is in an illegal position. This method thus makes the data secure by adding additional information units which distort the initial information.
Document WO 00/49483 (Netquartz) also provides us with methods and systems for creating a link between the users and an editor of digitized entities. The method comprises at least one of the following steps: the step of subdividing said digitized entity into two parts; the step of storing one part in memory in a server connected to a computer-based network; the step of transmitting the other part to at least one user who has available computer-based equipment; the step of connecting said computer-based equipment to said computer-based network; the step of establishing a functional link between said first part and said second part. These methods and systems do not specify whether the part stored in memory on the server can be stored by the user, which would enable the user to pirate said digitized entity.
Lastly, with regard to this approach, the closest state of the art is found in the patents of Hyper LOCK Technologies, the most pertinent of which is document U.S. Pat. No. 5,937,164. This disclosure uses the solution comprised of separating the stream into two parts, the smaller one of which holds an information unit required for the use of the larger part. This patent nevertheless is not sufficient for resolving the identified problem. In fact, suppression of a part of the stream distorts the format of the stream which then cannot be recognized as a standard stream that can be run with general software applications. This method of the prior art requires both a specific software program at the server side for the separation of the two parts, and another specific software program enabling not only the reconstruction of the stream but also the acquisition of the principal stream and its management according to a format proprietary to the solution. This proprietary format is not the initial format of the stream prior to separation into two parts in this known solution.
This company has also filed three other patents: document U.S. Pat. No. 5,892,825 returns to the approach of the preceding patent but in a narrower framework because the streams are still encrypted; document U.S. Pat. No. 6,035,329 is based on the same principle and pertains to a method enabling the reading of a CD-ROM or DVD-ROM disk contingent on the identification of the rights by the insertion of a smart card on which the information required for reading is stored. This method is still not adequate for our problem because it does not ensure that the modified stream is of the same format as the original stream. Finally, document U.S. Pat. No. 6,185,306 pertains to a method for the transmission of encrypted data from a Web site to a requesting computer. This method, however, makes it possible for the user to have available at a given moment the tools required for copying the data.